Allgemein Configuration Management Linux System Windows

Saltstack diverse braindumps & snipples

0

Folgende Code Bespiele sollten vorher geprüft und hinterfragt werden!
Eine Nutzung geschieht auf eigene Gefahr und die Richtigkeit dieser Seiteninhalte wird nicht gewährleistet. Es stellt eine reine Notiz zur Erinnerung von Arbeitsvorgängen dar.
Saltstack ist in seiner weiteren Entwicklung recht schnelllebig, was wiederum eine Veralterung der hier gemachten Notizen intensiviert.

Grains & Syncing

salt-call grains.items
salt-call grains.get XYZ

– state.highstate
— manually synced and reloaded by calling the
—– saltutil.sync_grains
—– saltutil.sync_all

salt ‚*‘ mine.update
salt-call ‚*‘ mine.flush
salt-call –local key.finger
salt -F
salt –versions-report

Alle laufenden Systeme anzeigen

salt-run manage.status
salt-run manage.status tgt=“ftp*“ 30 7 * * * /etc/zabbix/update-test.sh|zabbix_sender -z 10.10.10.10 –tls-connect=psk –tls-psk-identity=“PSK 001″ –tls-psk-file=/etc/zabbix/key.psk -i – >/dev/null

Debuging Salt

stop salt-minion
salt-minion -l debug
Follow the log file: tail -f /var/log/salt/minion
– context is: {{ show_full_context() }}

Server installation

https://repo.saltstack.com/#ubuntu
https://docs.saltstack.com/en/latest/topics/installation/ubuntu.html

Client Bootstrab Installation

https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html

Install minion one line command

curl -L https://bootstrap.saltstack.com | sudo sh

Configure Salt

https://docs.saltstack.com/en/latest/topics/configuration/index.html

Salt install

Repositorys Debian Stretch
===========================
deb http://repo.saltstack.com/apt/debian/9/amd64/archive/2017.7.0 stretch main
# deb http://repo.saltstack.com/apt/debian/9/amd64/latest stretch main

JESSIE
=========
deb https://repo.saltstack.com/apt/debian/8/amd64/2017.7 jessie main

Ubuntu Repository
==================
Run the following command to import the SaltStack repository key:
wget -O – https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add –

Save the following file to /etc/apt/sources.list.d/saltstack.list:
deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main

salt ‚qa0001*‘ cmd.run ‚cd /tmp && curl -L https://bootstrap.saltstack.com -o install_salt.sh && sudo sh install_salt.sh -P && sudo systemctl start salt-minion‘

Reactor

https://docs.saltstack.com/en/latest/topics/event/master_events.html#event-master-events
https://docs.saltstack.com/en/latest/topics/reactor/
https://docs.saltstack.com/en/getstarted/event/reactor.html

– ‚myco/custom/event/tag‘:
sudo salt-call event.send ‚my/custom/event/tag‘

Salt-Cloud

https://docs.saltstack.com/en/latest/ref/cli/salt-cloud.html
salt-cloud –list-images all
salt-cloud –list-locations all
salt-cloud –list-size all

salt-cloud -a reboot web1 (REBOOT) !!

Für amazon:
salt-cloud -a show_term_protect mymachine
salt-cloud -a enable_term_protect mymachine
salt-cloud -a disable_term_protect mymachine

im STATE
=========
{{ salt[‚grains.get‘](‚host‘) }
{{ salt[‚grains.get‘](‚fqdn‘) }}

salt-call grains.setval roles [roleA, roleB]
salt ‚fried*‘ grains.delval xyz destructive=True — löschen eine role xyz

/etc/salt/grains
Grains können in /etc/salt/minion auf dem minion gesetzt werden:
grains:
deployment : datacenter4
roles:
– webserver

Eselshilfe

P-I-L-G-E-R-S

Once the master config has been updated, restart the master and send out a call to the minions to refresh the pillar to pick up on the change:
– salt \* saltutil.refresh_modules

Testing Formulas
A smoke-test for invalid Jinja, invalid YAML, or an invalid Salt state structure can be performed by with the state.show_sls function:
salt ‚*‘ state.show_sls apache

Pillar vom Server verteilen

https://docs.saltstack.com/en/latest/topics/pillar/index.html#pillar-namespace-flattening
https://www.fractalcenter.de/2016/06/rollen-im-saltstack-verwenden/

salt-call pillar.get office:ipaddrs:0
salt-call pillar.items

PILLAR in states
————————–
{{ pillar[‚foo‘][‚bar‘][‚baz‘] }}

PKI entfernen
===========
rm -rf /etc/salt/pki /var/cache/salt /var/run/salt

Snipples

salt-call mine.get ‚G@deployment:prod‘ network.ip_addrs compound
salt –batch-size 10 ‚*‘
salt –batch-size 5 ‚zabbix*‘ cmd.run ’service newrelic-infra stop‘
salt ‚*‘ cmd.run ‚ls -l /etc‘
salt ‚qa4711*‘ grains.get cloud_networks:publicnet:ipaddr
salt ‚qa4711*‘ grains.get cloud_networks:servicenet:ipaddr
salt-call state.sls zabbix
salt \* test.ping
salt \* disk.usage
salt \* status.uptime
salt \* grains.items oder -g
salt \* grains.ls
salt \* pillar.items
salt \* service.start mysql
salt \* drbd.overview
salt \* network.interfaces
salt \* network.arp
salt \* pkg.version „openssh-server“
salt \* user.list_users
salt \* user.info mysqladmin
salt \* status.w
salt \* pkg.upgrade
salt \* pkg.autoremove
salt ‚workstation-vm‘ state.sls elasticsearch5.install
salt saltmaster shadow.gen_passwd ‚p@ssw0rd‘ (liefert hash- Ergebnis für nachfolgende zeile)
salt \* shadow.set_password testuser ‚$jkhsd978zdi9ubdi9sdkbdsi8dghksuibhd8‘
salt \* user.add testuser (mit parameter möglich!)
salt \* network.interfaces –out json | jq .
salt \* network.interfaces –out json | jq ‚.[].eth0.inet[].address‘
salt -G ‚os:Fedora‘ test.ping
salt -G ‚os:(RedHat|CentOS)‘ pkg.install hhtpd
salt ‚*‘ cp.list_states (listet alle states)
salt ‚*‘ state.show_sls (name des sate files) Zeigt Rendered state an
salt \* sys.list_functions
salt \* sys.list_functions status
salt-call sys.doc status (zeigt dokumentation)
salt * sys.doc ps
salt-call -d (zeigt shortcut documentation)
salt-call -d service (Doku nur für Service informations)
salt ‚*‘ saltutil.refresh_pillar /refresh pillar)

Commands

salt -vv -t 300 ‚Windows7-TestVM.test.net‘ pkg.list_pkgs – listet alle installierten packete

salt-run winrepo.update_git_repos – bei Ãnderung der repository config
salt-run winrepo.genrepo – generiert
salt ‚*‘ pkg.refresh_db – refresh
OR salt ‚Windows7-TestVM.test.net‘ pkg.refresh_db – refresh only one minion

Minions holen sich alle States ab: salt-call state.highstate
Master schickt einen State: salt XYZ state.highstate
Master schickt eine State: salt XYZ state.sls create_user

Core grains can be overridden by custom grains.
Core grains.
Custom grains in /etc/salt/grains.
Custom grains in /etc/salt/minion.
Custom grain modules in _grains directory, synced to minions.

salt-master -l debug
salt-run manage.down

To debug the states, you can use call locally. !
salt-call -l trace –local state.highstate

salt-run jobs.active
salt-run jobs.list_jobs
salt-run jobs.lookup_jid 20130916125524463507

salt -t 60 ‚*‘ test.ping

Windows

For Windows machines, restarting the minion can be accomplished using the following state:
schedule-start:
cmd.run:
– name: ’start powershell „Restart-Service -Name salt-minion“‚
– order: last

OR running immediately from the command line:
salt -G kernel:Windows cmd.run ’start powershell „Restart-Service -Name salt-minion“‚

salt-run winrepo.update_git_repos
salt-run winrepo.genrepo

Salt – Power Shell

salt \win* cmd.run ‚powershell -File c:\salt\isserviceinstalled.ps1 server‘
If you have a large number of connected minions, you might want to limit how many systems are updated at once. You can do this using the –batch-size option:
salt –batch-size 10 ‚*‘ state.apply

Kommentar hinterlassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

15 + 7 =

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.